
Solved I think I downloaded Malware, Bing.zugotoolbar

Discussion in 'Malware and Virus Removal Archive' started by Blue Skys, 2010/02/20.

  1. 2010/03/02 - broni (Moderator, Malware Analyst)

    Download OTL to your Desktop.

    * Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2010/03/02 - Blue Skys (Thread Starter)

    OTL logfile created on: 3/2/2010 4:45:52 PM - Run 1
    OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Charlotte\Documents\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 407.79 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.01 Gb Free Space | 41.00% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-PC
    Current User Name: Charlotte
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/03/02 16:37:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2009/12/12 19:57:04 | 001,688,344 | ---- | M] (ParetoLogic) -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe
    PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    PRC - [2009/08/05 16:46:56 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/07/01 12:35:38 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Upromise\UpromiseTray.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2007/02/20 04:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
    PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/03/02 16:37:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    MOD - [2009/09/30 20:02:17 | 002,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
    MOD - [2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/04/11 01:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
    MOD - [2006/11/02 10:02:33 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/07/17 23:54:02 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/07/02 02:11:34 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/08/05 16:46:56 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/04/20 05:28:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2008/03/24 08:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 4B 36 B9 D8 1E CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://home.core.com/home/start
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Live Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=SOLTDF&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://Bing.zugo.com/?cfg=2-71-0-e8MD\n "
    FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
    FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:6.2.2.1363
    FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.4
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/14 01:37:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/14 01:37:08 | 000,000,000 | ---D | M]

    [2009/04/05 06:18:01 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Extensions
    [2010/03/02 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions
    [2009/06/24 10:04:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/10/04 21:12:08 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
    [2009/06/24 10:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/09/08 09:37:41 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2009/10/11 06:29:06 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    [2010/01/30 07:20:10 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
    [2010/03/02 15:59:51 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/10/11 06:29:13 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/09/09 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\autopager@mozilla.org
    [2009/10/11 06:29:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\FFToolbar@upromise
    [2009/09/08 09:37:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\fotofox@mozilla.com
    [2009/09/08 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\extensions\isreaditlater@ideashower.com
    [2009/05/01 19:20:25 | 000,002,207 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\askcom.xml
    [2010/01/30 07:24:15 | 000,002,180 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\bing-ff.xml
    [2009/04/07 11:04:56 | 000,001,632 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\zh5wtzxu.default\searchplugins\live-search.xml
    [2010/02/13 13:49:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/07/30 03:52:48 | 000,000,000 | ---D | M] (Wyyo) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0CA8283E-056B-40D7-A343-83C84105CE78}
    [2009/03/28 16:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-companion@mozilla.com
    [2009/03/28 16:43:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\kodak-online@partners.mozilla.com
    [2010/01/30 16:39:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe File not found
    O4 - HKCU..\Run: [Upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe ()
    O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll (Upromise, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Charlotte\Pictures\Outdoor Wonders\Our Galaxy\jupiter.bmp
    O32 - HKLM CDRom: AutoRun - 0
    O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
    O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    64bit: O35 - comfile [open] -- "%1" %* File not found
    64bit: O35 - exefile [open] -- "%1" %* File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/03/02 16:33:43 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/02/28 20:58:25 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
    [2010/02/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\DoctorWeb
    [2010/02/26 20:46:31 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook_images
    [2010/02/26 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
    [2010/02/26 17:39:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
    [2010/02/26 17:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/02/26 17:01:47 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
    [2010/02/26 03:23:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Malwarebytes
    [2010/02/26 03:23:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/02/26 03:23:40 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/02/26 03:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/02/26 03:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/02/26 02:27:35 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
    [2010/02/23 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010/02/23 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
    [2010/02/23 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
    [2010/02/23 23:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
    [2010/02/17 15:39:55 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\Jim's Driver License

    ========== Files - Modified Within 14 Days ==========

    [2010/03/02 16:40:40 | 003,670,016 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat
    [2010/03/02 16:37:33 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\OTL.exe
    [2010/03/02 16:03:09 | 000,790,054 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/03/02 16:03:09 | 000,663,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/03/02 16:03:09 | 000,128,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/03/02 15:57:15 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
    [2010/03/02 15:57:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/03/02 15:57:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/03/02 15:57:09 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2010/03/02 15:57:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/03/02 15:57:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/03/02 15:56:09 | 000,524,288 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TMContainer00000000000000000001.regtrans-ms
    [2010/03/02 15:56:09 | 000,065,536 | -HS- | M] () -- C:\Users\Charlotte\ntuser.dat{4767af02-5505-11de-b94e-9a0a1e35dc81}.TM.blf
    [2010/03/02 15:56:03 | 003,714,603 | -H-- | M] () -- C:\Users\Charlotte\AppData\Local\IconCache.db
    [2010/03/02 15:48:57 | 000,017,014 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2010/03/02 14:32:27 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job
    [2010/03/02 14:31:13 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
    [2010/03/01 22:20:02 | 005,928,960 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2010/03/01 22:20:02 | 002,754,560 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2010/03/01 21:32:49 | 000,010,752 | ---- | M] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
    [2010/03/01 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/02/28 21:00:50 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Documents\Desktop\TFC.exe
    [2010/02/28 00:22:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FileCure.job
    [2010/02/27 20:55:58 | 000,471,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/02/27 20:53:15 | 000,207,735 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
    [2010/02/27 07:39:38 | 032,244,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
    [2010/02/27 00:26:59 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010/02/26 20:51:29 | 000,008,230 | ---- | M] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
    [2010/02/26 19:03:09 | 000,152,064 | ---- | M] () -- C:\Users\Charlotte\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/02/26 17:06:31 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Charlotte\Documents\Desktop\HijackThisInstaller.exe
    [2010/02/26 16:14:50 | 000,293,376 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\urgk5xs6.exe
    [2010/02/26 03:23:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/26 03:05:16 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Charlotte\Documents\Desktop\mbam-setup.exe
    [2010/02/26 01:49:12 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/02/24 17:39:13 | 000,012,288 | ---- | M] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
    [2010/02/24 16:30:08 | 000,028,160 | ---- | M] () -- C:\Users\Charlotte\Documents\Medicare, Advantage Health Ins. letter 1.28.10.wps
    [2010/02/23 23:48:39 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\ParetoLogic FileCure.lnk
    [2010/02/22 17:08:17 | 000,524,288 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\dds.scr
    [2010/02/20 17:19:15 | 000,020,992 | ---- | M] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
    [2010/02/20 11:35:43 | 000,000,923 | ---- | M] () -- C:\Users\Charlotte\Documents\Desktop\whh-adsense-728-def.html
    [2010/02/19 18:03:37 | 000,251,194 | ---- | M] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
    [2010/02/19 16:54:09 | 000,017,408 | ---- | M] () -- C:\Users\Charlotte\Documents\Internet,computer,printer information.xlr
    [2010/02/18 18:15:34 | 000,009,728 | ---- | M] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
    [2010/02/17 17:19:41 | 000,017,920 | ---- | M] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
    [2010/02/17 13:12:25 | 000,015,872 | ---- | M] () -- C:\Users\Charlotte\Documents\College Scholarships Log Book.xlr

    ========== Files Created - No Company Name ==========

    [2010/03/02 14:26:08 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer Short Cuts,Error fixes,etc..xlr
    [2010/03/01 21:29:43 | 000,010,752 | ---- | C] () -- C:\Users\Charlotte\Documents\Computer, error codes, things and places to check.xlr
    [2010/02/27 20:53:15 | 000,207,735 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\DrWeb.csv
    [2010/02/27 03:52:42 | 032,244,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\drweb-cureit.exe
    [2010/02/26 20:46:30 | 000,008,230 | ---- | C] () -- C:\Users\Charlotte\Documents\INB Christmas Scrapbook.ppp
    [2010/02/26 16:13:38 | 000,293,376 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\urgk5xs6.exe
    [2010/02/26 03:23:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/24 16:50:26 | 000,012,288 | ---- | C] () -- C:\Users\Charlotte\Documents\BCGC Spring Gala - Purchasing list.xlr
    [2010/02/23 23:48:48 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2010/02/23 23:48:40 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\FileCure Startup.job
    [2010/02/23 23:48:39 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\ParetoLogic FileCure.lnk
    [2010/02/23 23:48:39 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/02/23 23:48:39 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\FileCure.job
    [2010/02/22 17:00:44 | 000,524,288 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\dds.scr
    [2010/02/20 16:47:55 | 000,020,992 | ---- | C] () -- C:\Users\Charlotte\Documents\Windows BBS Post.wps
    [2010/02/20 11:35:15 | 000,000,923 | ---- | C] () -- C:\Users\Charlotte\Documents\Desktop\whh-adsense-728-def.html
    [2010/02/19 18:03:37 | 000,251,194 | ---- | C] () -- C:\Users\Charlotte\Documents\2907978_103823_1_Rebate_82285.pdf
    [2010/02/18 18:15:34 | 000,009,728 | ---- | C] () -- C:\Users\Charlotte\Documents\New AT&T USBDirect Connect Service.wps
    [2010/02/17 17:19:41 | 000,017,920 | ---- | C] () -- C:\Users\Charlotte\Documents\Printer info and other things.xlr
    [2010/01/22 00:10:58 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/21 22:16:37 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\gif89.dll
    [2010/01/21 22:16:05 | 000,000,537 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/08/16 23:16:24 | 000,076,407 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Smiley.ico
    [2009/08/16 17:25:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/08/16 17:24:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/31 08:42:31 | 000,000,097 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\fusioncache.dat
    [2009/07/30 18:08:08 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/27 23:52:16 | 000,412,140 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistMSI07EB.txt
    [2009/07/27 23:52:16 | 000,011,458 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\dd_vcredistUI07EB.txt
    [2009/05/23 07:19:15 | 000,000,022 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\kodakpcd.ini
    [2009/04/19 13:59:30 | 000,000,680 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\d3d9caps.dat
    [2009/03/22 13:42:11 | 000,008,248 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\en.ini
    [2009/01/29 18:49:20 | 000,026,478 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\UserTile.png
    [2009/01/29 18:44:38 | 000,017,014 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\wklnhst.dat
    [2009/01/28 17:28:50 | 000,003,584 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/26 14:53:31 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
    [2008/12/26 14:53:31 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
    [2008/12/26 14:53:31 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2002/12/11 18:19:34 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
    [2002/12/11 18:19:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
    [2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

    ========== LOP Check ==========

    [2010/01/30 07:49:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Blitware
    [2010/02/28 00:36:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Canon
    [2010/02/04 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Clip Art Collection
    [2009/10/12 22:16:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/11/10 15:00:21 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\DriverCure
    [2010/01/30 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\E-centives
    [2009/08/19 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Free-backup.info
    [2010/02/06 10:04:06 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\gtk-2.0
    [2009/11/10 11:45:05 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\licenses
    [2009/11/10 01:19:49 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PCMM2009
    [2010/02/13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PeerNetworking
    [2009/04/07 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Shape games
    [2010/02/26 17:39:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Sierra Wireless
    [2009/05/12 18:26:41 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SmartDraw
    [2009/07/29 06:15:43 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SPAMfighter
    [2009/01/29 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Template
    [2009/11/10 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Uniblue
    [2009/08/01 06:35:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\upromise
    [2009/09/20 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\WeatherBug
    [2009/04/07 10:39:50 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer
    [2010/02/27 00:26:59 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
    [2010/03/02 15:57:15 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
    [2010/02/28 00:22:00 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\FileCure.job
    [2010/03/01 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010/02/26 01:49:12 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2010/03/02 15:56:15 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/03/02 14:32:27 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8559B34B-EA1A-48B0-A38D-9C17DAD3CDAB}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2008/12/26 14:25:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
    [2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
    [2008/12/26 14:25:44 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 765 bytes -> C:\Users\Charlotte\Documents\6 pictures for you.eml:OECustomProperty
    < End of report >
     


  4. 2010/03/02
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    OTL Extras logfile created on: 3/2/2010 4:45:52 PM - Run 1
    OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\Charlotte\Documents\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 63.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 407.79 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 6.01 Gb Free Space | 41.00% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME-PC
    Current User Name: Charlotte
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = C3 F7 9B C9 B6 20 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2703132291-4135161347-3693838283-1000]
    "EnableNotificationsRef" = 2

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{064CC1B9-7AC6-4817-8316-7F4E69208265}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{083E65BC-4608-4894-9AA9-BB54BC64EB83}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{480A84D5-760C-4168-BDE1-B70D4AABAB36}" = protocol=6 | dir=in | app=c:\program files (x86)\quicken willmaker plus 2005\qwp.exe |
    "{7246F636-A363-4AD0-BF7F-F1E383ACA3FC}" = protocol=17 | dir=in | app=c:\program files (x86)\quicken willmaker plus 2005\qwp.exe |
    "{7EFF6AA6-DAFB-4336-BDDE-B850D193B554}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
    "{806837E5-9321-4240-8361-E8063DB565A2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{8093593C-20AC-4920-A25E-B9CEAEA4B084}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
    "{8EE342B2-99D4-4010-8B4F-D63F2A23B4EB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{9C84606A-22D4-4EE5-8B00-1112AEDDC7A9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{A85A5FA3-FD2F-482C-8AB9-F6CD3F438C69}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{BC3EB583-C3AB-4886-B6FF-327D1463B6E8}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
    "{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2081D245-46EF-40E1-9DBD-17D1B287D85D}" = Clip Art Collection
    "{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5BC304B7-84B4-43B3-8A62-EB9BC2051544}" = Photo Explosion SE
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}" = Art Explosion Greeting Card Factory Express
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
    "{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D45A4401-F7F7-46B7-B0BB-5988F42FA485}" = Scrapbooks Please Uploader
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E432C362-6A71-4E8A-A68A-AE5246520656}" = Art Explosion Scrapbook Factory
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
    "AbiWord2" = AbiWord 2.6.4
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Canon MX310 series User Registration" = Canon MX310 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "ezcards" = EZ Cards (remove only)
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Frosty Games" = Frosty Games
    "GoToAssist" = GoToAssist 8.0.0.514
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Quicken WillMaker Plus 2005" = Quicken WillMaker Plus 2005
    "Upromise TurboSaver" = Upromise TurboSaver (remove only)
    "WinGimp-2.0_is1" = Gimp 2.6.2 Debug
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  5. 2010/03/02
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    And I have to tell you something that really has me baffled. When I got online to see if you had answered and Firefox opened, there were multiple add-on updates, and the WOT I tried to download this A.M. that I "X'd" out of was there, and of all things an add-on for "bing.zugotoolbar.com".
    Is this thing tied to Mozilla or possibly Firefox? I don't get it. I'm definitely not going to download this program add-on.
    So, is this redirector some real program, or is it real malware or a virus or something? Or am I not understanding what I have been doing? And the two problems in my email (which I deleted), were they the problem? Or just how messed up is, or was, my PC?
    If Mozilla is authorizing this thing, then why did I find all of those answers (when I did a search in Google) stating that bing.zugotoolbar is malware and should be dealt with, which really meant just what exactly? It was there I found this site and had a direct link to the "Security, Malware" link in windowsbbs.com. I guess I am really confused. I hope the logs I posted are correct and what you needed. Thanks
     
  6. 2010/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.startup.homepage:  "http://Bing.zugo.com/?cfg=2-71-0-e8MD\n "
      FF - prefs.js..keyword.URL:  "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= "
      O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell - " " = AutoRun
      O33 - MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\Shell\AutoRun\command - " " = F:\WIN\setup.exe -- File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [Reboot]
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
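The two `FF - prefs.js` lines in the fix above are the classic browser-hijack footprint: the start page and the address-bar search URL in Firefox's prefs.js have been repointed at a third-party domain, and OTL's fix simply deletes those preference lines so Firefox falls back to its defaults. The following Python script is an added example (not part of this thread and not OTL's code) showing how a helper or a scripted check can do the same audit: it parses a prefs.js, flags navigation preferences whose host is not on an allowlist, and removes the flagged lines. The prefs.js text is constructed for the example, with the two hijacked values taken from the fix script; the trusted-host list is an assumption to be filled in from the user's own chosen sites.

```python
"""Audit a Firefox prefs.js for hijacked navigation preferences.

Added example for this thread; not part of OTL. SAMPLE_PREFS is constructed,
with the two hijacked values copied from the fix script posted above.
"""
import re

# Preferences that decide where the browser navigates; hijackers rewrite these.
NAV_PREFS = (
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
)

# Assumption: hosts the user deliberately chose. Fill from their bookmarks/search engines.
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org", "www.windowsbbs.com"}

# Constructed prefs.js content (the two hijacked values are from the thread).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://Bing.zugo.com/?cfg=2-71-0-e8MD\n ");
user_pref("keyword.URL", "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= ");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.cookie.cookieBehavior", 0);
'''

# user_pref("name", value);  -- value may be a quoted string, a number or a bool.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')


def parse_prefs(text):
    """Yield (name, value) pairs; string values are unquoted, other values kept raw."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        s = STR_RE.match(raw)
        yield name, (s.group(1) if s else raw)


def hostname_of(value):
    """Return the lowercase host of an http(s) URL, or None if the value is not a URL."""
    m = re.match(r'https?://([^/\s:?#]+)', value.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def audit_prefs(text, trusted_hosts=TRUSTED_HOSTS):
    """Return [(pref_name, host, value)] for navigation prefs pointing at untrusted hosts."""
    findings = []
    for name, value in parse_prefs(text):
        if name not in NAV_PREFS:
            continue
        host = hostname_of(value)
        if host is not None and host not in trusted_hosts:
            findings.append((name, host, value))
    return findings


def remove_prefs(text, names):
    """Drop the user_pref lines for `names`; Firefox then reverts them to its defaults.

    This mirrors what OTL reports as '... removed from browser.startup.homepage'.
    """
    names = set(names)
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    hits = audit_prefs(SAMPLE_PREFS)
    for name, host, value in hits:
        print(f"{name}: untrusted host {host} -> {value!r}")
    cleaned = remove_prefs(SAMPLE_PREFS, [h[0] for h in hits])
    print("after cleanup:", audit_prefs(cleaned))
```

Run it against a real profile by reading `prefs.js` from the Firefox profile folder with Firefox closed, since Firefox rewrites the file on exit and would overwrite an edit made while it is running. An unknown host in `browser.startup.homepage` or `keyword.URL` is not proof of infection on its own, which is why the list of trusted hosts has to come from the user; but a host that the user never chose, as in this thread, is exactly the signal to act on.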
     
  7. 2010/03/02
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
I just rebooted after the above "Run Fix" was completed. I opened up Firefox and used my drop-down list to bring up this site. Instead, this is what I got:

Error code 414 - Request-URI Too Large, bing.zugotoolbar. I will run the quick scan now.
     
  8. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need to see OTL log.
     
  9. 2010/03/03
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Prefs.js: "http://Bing.zugo.com/?cfg=2-71-0-e8MD\n" removed from browser.startup.homepage
    Prefs.js: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=" removed from keyword.URL
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a106bf6-1f01-11df-8277-001d099bf2a0}\ not found.
    File F:\WIN\setup.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Char
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Charlotte
    ->Temp folder emptied: 6333928 bytes
    ->Temporary Internet Files folder emptied: 713543 bytes
    ->Java cache emptied: 128013 bytes
    ->FireFox cache emptied: 35351685 bytes
    ->Flash cache emptied: 61564 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 552230 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 41.00 mb

    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.1.32.0 log created on 03022010_230650

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\TMP0000005C3E112E9005947386 not found!
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  10. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. How is Firefox doing right now?
     
  11. 2010/03/03
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
Firefox crashed this morning, but it seems to be OK for now. Again, I can't thank you enough.

A couple of questions. Yesterday afternoon, I received a pop-up window from Firefox with some updates for some add-ons (I think that is what they are called). And my WOT, which I was trying to download when this all started again, was listed. Here is the problem: so was bing.zugotoolbar, as an add-on.

I just used the X and closed the window. What in the world are they thinking? If this program is endorsed by Mozilla, then is it really malware, as stated when I did a search (that is when I found this web site)? There must have been 5 or 6 separate posts saying it was malware and that if you have it you should get help to get rid of it.
Anyway, let me know what you think; anything you say I'll go along with. Also, if this handy little program works its way back into my PC, is there anything I can do without bothering you again? Or is it just better to get back with you, because (I guess) one can never tell just what the real problem may be?
And I just want to say thanks a bunch; you have been really great and very helpful. Not to mention, you're probably the most patient person on the web. Thanks again.
     
  12. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, we removed those "bing" entries only this morning, so it shouldn't be bothering you anymore.
     
  13. 2010/03/03
    Blue Skys

    Blue Skys Inactive Thread Starter

    Joined:
    2010/02/19
    Messages:
    110
    Likes Received:
    0
I'd like to say one more time: thanks for all of your help. Later
     
  14. 2010/03/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome one more time :)
     
